Fuzzing? Or something sinister?

Question

Hello, all,It has recently been brought to my attention that someone in Germany has been trying some pretty weird things with our public-facing website, and I'm inclined to believe that these actors are just trying to fuzz our servers. Pen testing in the wild, so to speak.But then there's that paranoid part of me that is thinking this could be something else, something malicious.This/these person(s) are flooding our web servers with GET requests that are odd:GET/60,83,84,89,76,69,62,108,105,32,123,108,105,115,116,45,115,116,121,108,101,45,105,109,97,103,101,58,32,117,114,108,40,34,106,97,118,97,115,99,114,105,112,116,58,106,97,118,97,115,99,114,105,112,116,58,56,55,56,48,53,52,97,101,48,100,52,54,54,52,100,53,53,98,48,101,49,98,55,50,53,98,51,48,101,57,50,57,34,41,59,125,60,47,83,84,89,76,69,62,60,85,76,62,60,76,73,62,88 HTTP/1.1Someone here managed to decode this:

Now, I've never seen "javascript:javascript:{random string}", before. Is this an attempt to inject code into our website??? Or is this a part of a fuzzing technique? Something worse?? Something weak a script-kiddie would use?V/r,^_^

Steve Sommers · Answer

I've never heard the phrase fuzzing but it could be sinister or accidental, but definitely a scan of some sort. Here, we treat everything as hostile until we determine otherwise -- but we deal with payments so we tend to be very protective, bordering paranoid.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded